Main Vulnerability Database Vulnerabilities #VU26733

Improper validation of integrity check value in Huawei products - CVE-2020-1802

Published: April 9, 2020

Vulnerability identifier: #VU26733

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1802

CWE-ID: CWE-354

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
OSCA-550
OSCA-550A
OSCA-550AX
OSCA-550X

Detailed vulnerability description

The vulnerability allows a local attacker to gain unauthorized access to the target device.

The vulnerability exists due to the affected device does not sufficiently validate the integrity of certain file in certain loading processes. An attacker with physical access can load a specially crafted file to the device through USB and gain access to the device.

How to mitigate CVE-2020-1802

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-osca-en

Improper validation of integrity check value in Huawei products - CVE-2020-1802

Detailed vulnerability description

How to mitigate CVE-2020-1802

Sources

Please verify you're human